Store Dynatrace images in private registries - Kubernetes

You can store Dynatrace containers in private registries in Kubernetes environments using either a lightweight or an immutable OneAgent container image.

The lightweight image consists of a OneAgent installer, which downloads necessary binaries from a Dynatrace cluster.
The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.

Use an immutable OneAgent image Use a lightweight OneAgent image

Pull the OneAgent Operator image.
Example command:

docker pull docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest OneAgent Operator version.

Pull a specific immutable OneAgent image version.
Example command:

docker pull <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_ENVIRONMENT_DOMAIN_NAME> with your own environment domain name (the URL without https://), and <x.y.z> with your desired OneAgent version.

Tag each image for your own registry.
Example command:

docker tag docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker tag <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z> <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace:

<X.Y.Z> with the latest OneAgent Operator version.
<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the OneAgent Operator address from your private registry.
<YOUR_ENVIRONMENT_DOMAIN_NAME> with your environment domain name (the URL without https://).
<x.y.z> with your desired OneAgent version.
<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.

Push both images to your own registry.
Example command:

docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>, <X.Y.Z>, and <x.y.z> with your own values.

Download the latest kubernetes.yaml file from the Dynatrace GitHub repository.

wget https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml

If your registries need authentication, update imagePullSecrets on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.
Deploy OneAgent Operator.

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml

Download the cr.yaml file for OneAgent custom resource.

wget https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml

Open cr.yaml in a text editor and make the following changes:

Change useImmutableImage to true.
Adapt other values according to the parameters section of the OneAgent Operator deployment page.
Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.

Deploy the OneAgent custom resource.

kubectl apply -f cr.yaml

Pull the OneAgent Operator image.
Example command:

docker pull docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest OneAgent Operator version.

Pull the lightweight OneAgent image.

docker pull docker.io/dynatrace/oneagent

Tag each image for your own registry.
Example command:

docker tag docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker tag docker.io/dynatrace/oneagent:latest <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest

Note: Be sure to replace:

<X.Y.Z> with the latest OneAgent Operator version.
<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the OneAgent Operator address from your private registry.
<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.

Push both images to your own registry.

docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> and <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with your own values.

Download the kubernetes.yaml file from Dynatrace GitHub repository.

wget https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml

Open kubernetes.yaml in a text editor and replace all image field instances with image: <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, making sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with your own value.
If your registries need authentication, update imagePullSecrets on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.
Deploy OneAgent Operator.

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml

Download the cr.yaml file for OneAgent custom resource.

wget https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml

Open cr.yaml in a text editor and make the following changes:

Uncomment the image field.
Note: Be sure to maintain proper YAML indentation.
Replace the empty value of the image field (image: "") with image: <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>.
Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with your own value.
Adapt other values (proxy, apiUrl, etc.) according to the parameters section of the OneAgent Operator deployment page.

Deploy the OneAgent custom resource.

kubectl apply -f cr.yaml